Central Security Operations Center 
1. Log In


Enter the following URL “https://bossasn.cdacchn.in” in the web browser.

[Screenshot: “INTERNET ADMINISTRATION” login page with Login ID and Password fields]

On entering a valid username and password, the homepage appears.


2. Dashboard 


Click on “Overall View” to see the stats of all the client machines registered under the unit and its
sub-units. If “Overall View” is unchecked, only the stats of clients registered under that unit are
displayed.


In the dashboard you will find the following statistical data, based on the admin who is currently
logged in:

• Registered Client: Count of clients registered
• Rules Pushed: Percentage of clients for which policy is pushed
• Clam Pushed: Percentage of clients for which clam is pushed
• Logs Received: Percentage of clients for which logs are received
• Patch Update: Percentage of clients for which the patch updates are done
• Recent 5 days Alert: The number of clients in which alerts of each subcategory occurred over the recent 5 days is displayed in the graph
• OTP Issued: Number of OTPs generated on current date
• OTP Used: Number of OTPs being used
• Patch Updated: Number of patch updates that occurred
• Rules Updated: Number of clients in which policies are updated


In the dashboard, the admin of the AHCC unit is the superuser and hence can perform all the actions on the
dashboard, whereas the other admins can only perform the following operations:

1. Generate OTP
2. Create Local Admin/Unit
3. View Available clients
4. View Logs


3. Generate OTP 


This module is used to generate the OTP that is used during client system registration. The OTP is
used to assign the system to the appropriate level in the hierarchy automatically.

Enter the caller name and click “Generate OTP”.

[Screenshot: Generate OTP form with Generate OTP and Reset buttons; after submission the page shows “OTP is :8493-38714”]

The OTP is generated and displayed on the screen.


4. Local Admin Creation 


This module is used to create or update admin logins.

The currently logged-in admin can create admins one level below the current level in the hierarchy
(i.e. an “ecunit” admin can create a “dhimapur” admin within his command).

To create an admin, click on “Create Login” and enter the details. A unit can be added by clicking on
“To Create New Unit”.

For example, when an “AHCC” admin creates an admin for “Eastern Command”, he first creates
a new unit named “unit1” and then selects it from the Units drop-down list.

[Screenshot: Local Admin page with Create Login, Update Login and Delete Login options, the “To Create New Unit” link and the message “Unit created successfully”]

Finally click on “Submit Form”.


5. Hierarchy Chart 


Clicking on “Hierarchy” shows the newly added unit, unit1, in the hierarchy.

[Hierarchy chart; the visible unit names include neunit, unit1, srinagar and dhimapur]





6. View Client

To view the list of available clients, click on “Clients”.

Client Name         Unit   MAC                  IP              Reg Status
johnahcc            AHCC   00:0ffe:dl:04ba      10.184.36.158   Yes
SAGAR ONE SIX SEP   AHCC   08:00:27f3dd:77      10.184.35.85    Yes
Sangeetha           AHCC   08:00:27:cf03:69     10.184.35.161   Yes
Sangeetha           AHCC   08:00:27:4f:49a2     10.184.35.161   Yes
Sangeetha           AHCC   08:00:27:0f:fd:41    10.184.35.161   Yes
Sangeethat          AHCC   08:00:27 7a:Sf3e     10.184.35.161   Yes
test one            AHCC   48:0f:cf:5b0:eb:4a   120.5714119     Yes
test two            AHCC   48:0f:cf:51:04:87    120.57 14119    Yes

7. View Logs

To view the logs, click on “LogViewer”.

[Screenshot: Log Viewer form with Unit Name, Clients, Logs, Log Date and Search Term fields, a Case Sensitive option and a Search button; the results table has the columns Client Host, DateTime, Log Type and Message]

In the window that appears, select the unit, then select the client, select the log type from the
dropdown list, and finally click “Search”. To reset, click on “Reset”.

The selected log gets displayed. To view other logs, click on the name of the log.

[Screenshot: Message column of an antivirus scan log, cut off at the edge of the image; it shows a scan summary (Knownviruses, Engineversion, Time), disk usage fields (fs-root, fs-home, fs-var, fs-usr) and lines beginning “Infected file is /home/cdacl/Downloads/”]


8. Policy Configuration

The AHCC admin has this option to set policies for the client machines. Click on “Policy
Configuration”.

8.1 Adding a Policy


8.1.1 Services 


To add a service, click on PolicyConfiguration > +Service.

Policytype: service
Value: cups
Author: ADMINI





8.1.2 Ports 


To add a port, click on PolicyConfiguration > +Ports. Only numbers are allowed for this
policytype.

Policytype: ports
Value: 1008
Author: ADMINI


8.1.3 IP Address 


To add an IP address, click on PolicyConfiguration > +IP. Only a valid IPv4 address will be
allowed.

Policytype: ip
Value: 10.184.0.4
Author: ADMINI





8.1.4 URL 
To add a URL, click on PolicyConfiguration > +URL.

Policytype: url
Value: youtube.com
Author: ADMINI





8.1.5 Package 


To add a package, click on PolicyConfiguration > +Package.

Policytype: package
Value: apache2
Author: ADMINI


8.1.6 Application 


To add an application, click on PolicyConfiguration > +Application.

Policytype: application
Value: firefox
Author: ADMINI


8.2 Apply/Update Policy 


To apply policy to the clients, click Policy Configuration > UnitPolicy. The following page appears
on the screen.

8.2.1 URLS

To block a URL, select the “Url” option and click “Edit Policy”.

Select one or multiple URLs from the available URLs and click on the > key in the form to move them to
the disable side. After verifying, click on “Update Policy” to push the URLs to clients under all the
units. Finally click “Update”.

To unblock a URL, select the URL from the disable list, click on the < button to move it to the Available
list and click “Update”.


8.2.2 Applications 


To disable an application in the client, select “Application”, enter the application name in the search box and
click on “Search”. Select the application from the list, click on >, and click “Update Policy”.

8.2.3 Ports

To activate/deactivate a port, select “Edit Global Policy” > “Port” and click “Edit Policy”.

Select the port that is to be activated/deactivated and toggle between the Active Ports/Inactive Ports
using the >>/<< buttons respectively.

Finally click “Update Policy”.


8.2.4 Services 
To activate/deactivate a service, select “Edit Global Policy” > “Service” and click “Edit Policy”.

Select the service that is to be activated/deactivated and toggle between the Active Services/Inactive
Services using the >>/<< buttons respectively.

Finally click “Update Policy”.


8.2.5 IP 
To activate/deactivate an IP, select “Edit Global Policy” > “IP” and click “Edit Policy”.

Select the IP that is to be activated/deactivated and toggle between the Active IPs/Inactive IPs
using the >>/<< buttons respectively.

Finally click “Update Policy”.


8.3 Exceptional Policy 


To add an exceptional URL policy (allowing URLs for people belonging to a group), click on
PolicyConfiguration > Group Policy. The following screen appears.

Select the group and click on “Edit Policy”.

From the list of blocked URLs, select the URL you want to allow for the selected group, for
example “Seresoft.com” for the officer group, and click on the “Update Policy” button to allow the members
of the officer group to access that URL.

8.4 Upload Policy

To upload policies from a file, click on Policy Configuration > Upload Policy. Input a CSV file
with policytype,value,author on the first line and the actual values on the subsequent lines.

For example:
policytype,value,author
url,facebook.com
ip,10.184.55.10

You can also see a sample CSV by clicking on the “Show CSV” button.

Browse to the file and click on upload to load the policies in addition to the already existing policies.
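
A pre-upload check for such a policy CSV, added here as an example and not part of the console's own code. It applies the two value rules stated in section 8.1 (ports are numbers only, IPs must be valid IPv4); the 1-65535 port range, the optional author column and the sample rows are assumptions.

```python
import csv
import ipaddress

# Policy types listed in section 8.1 of this manual.
POLICY_TYPES = {"service", "ports", "ip", "url", "package", "application"}
# Constructed sample; the author column is left out of one row, as in the manual.
SAMPLE = """policytype,value,author
url,facebook.com,ADMIN
ip,10.184.55.10
ports,80a,ADMIN
ip,10.184.55.300,ADMIN
"""

def check_value(ptype, value):
    """Return an error string for a bad value, or None if it passes."""
    if not value:
        return "empty value"
    if ptype == "ports":
        # Manual: only numbers are allowed. The 1-65535 range is an assumption.
        if not (value.isascii() and value.isdigit() and 1 <= int(value) <= 65535):
            return "port must be a number in 1-65535"
    elif ptype == "ip":
        try:  # Manual: only a valid IPv4 address is allowed.
            ipaddress.IPv4Address(value)
        except ipaddress.AddressValueError:
            return "not a valid IPv4 address"
    return None

def validate_policy_csv(text):
    """Return (accepted_rows, errors); each error is (line_number, reason)."""
    rows = list(csv.reader(text.splitlines()))
    header = [c.strip().lower() for c in rows[0]] if rows else []
    if header != ["policytype", "value", "author"]:
        return [], [(1, "first line must be policytype,value,author")]
    accepted, errors = [], []
    for lineno, row in enumerate(rows[1:], start=2):
        fields = [c.strip() for c in row]
        if not any(fields):
            continue  # blank line
        ptype = fields[0].lower()
        if len(fields) not in (2, 3) or ptype not in POLICY_TYPES:
            errors.append((lineno, "expected <known policytype>,value[,author]"))
            continue
        problem = check_value(ptype, fields[1])
        if problem:
            errors.append((lineno, problem))
        else:
            accepted.append((ptype, fields[1], fields[2] if len(fields) == 3 else ""))
    return accepted, errors
```

Running `validate_policy_csv(SAMPLE)` accepts the first two rows and reports lines 4 and 5 with the reason each was refused.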







9. Client Status 


The client update status is shown on screen as follows on clicking “Client Status”. We can filter the
status unit-wise by entering the unit name as shown below.

Client Update Status (filtered on “AHCC”)

Client Name | Unit | Reg Status | Registered | Log | Policy | Clam | Patch
johnahcc AHCC Yes 29-09-2020 05-10-2020 30-09-2020 30-09-2020 30-09-2020
SAGAR ONE SIX SEP AHCC Yes 17-09-2020 17-09-2020 17-09-2020
Sangeetha AHCC Yes 14-09-2020 16-09-2020 16-09-2020 14-09-2020 16-09-2020
Sangeetha AHCC Yes 17-09-2020 26-09-2020 26-09-2020 18-09-2020 18-09-2020
Sangeetha AHCC Yes 29-09-2020 30-09-2020 30-09-2020 30-09-2020 30-09-2020
Sangeethat AHCC Yes 12-09-2020 14-09-2020
test one AHCC Yes 07-09-2020 28-09-2020


10. Group 


The Group menu is available only to the AHCC admin user. It is mainly used for grouping clients for which
there is a need to push exceptional policies.

10.1 Create Group

To create a group, click on this menu. Enter a group name and a short description for the group, and
click on “Add Group” to create the group.

10.2 Manage Group

To edit, update or delete a group, click on this menu.

11. Group Client Mapping

To map or unmap a client to an exceptional group, select a group, select a client, and use the > / < buttons to
assign or unassign the client to the selected group.

12. Whitelisting USB Log

To whitelist a USB log, click on “Whitelist USB Log”.

Add Whitelist Entries
Name: hp1008
Whitelist Pattern: 03f0:002a

Note: For a log entry like "09/17/2017 17:15:48 HUAWEI TECHNOLOGIES-HUAWEI
Mobile, Mass Storage 561la:812b", the pattern text must be 561la:B12b

Enter the name of the USB device and the pattern, with the vendor ID entered as shown above, and click
“Add Pattern”.

The entry is added as shown below.

Whitelisted USB Log Entries

Name     Whitelist Log Pattern   Date
hp1008   03f0:002a               Sept. 23, 2020
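
The note above derives the whitelist pattern from the ID at the end of a USB log entry. The following added example (not the console's own code) extracts that ID from log lines and lists the devices that match no whitelist entry. The log lines are constructed, and both the four-hex-digit vendor:product layout and the case-insensitive exact match are assumptions, since the manual does not say how the console compares patterns.

```python
import re

# Assumption: a USB log line ends with the device's vendor:product ID,
# four hex digits on each side of the colon.
USB_ID = re.compile(r"\b([0-9a-fA-F]{4}):([0-9a-fA-F]{4})\s*$")
STAMP = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s+(.*)$")

# Whitelist entry as shown in the manual: name -> pattern.
WHITELIST = {"hp1008": "03f0:002a"}

# Constructed log lines in the layout of the manual's note.
SAMPLE_LOG = [
    "09/23/2020 10:02:11 HP LaserJet 03F0:002A",
    "09/23/2020 10:05:40 Example Vendor Mass Storage abcd:1234",
    "09/23/2020 10:06:02 device disconnected",
]

def parse_usb_line(line):
    """Return (timestamp, description, 'vvvv:pppp'), or None if the line has no ID."""
    stamped = STAMP.match(line.strip())
    if not stamped:
        return None
    when, rest = stamped.groups()
    found = USB_ID.search(rest)
    if not found:
        return None
    usb_id = f"{found.group(1)}:{found.group(2)}".lower()
    return when, rest[:found.start()].strip(" ,"), usb_id

def unlisted_devices(lines, whitelist):
    """Return the parsed events whose ID matches no whitelist pattern."""
    allowed = {pattern.lower() for pattern in whitelist.values()}
    events = (parse_usb_line(line) for line in lines)
    return [event for event in events if event and event[2] not in allowed]
```

`unlisted_devices(SAMPLE_LOG, WHITELIST)` returns only the `abcd:1234` event; the whitelisted device and the line without an ID are left out.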


13. View Alerts 


The alerts generated for the past five days are listed on the dashboard. Click on the alert symbol “!” to
see the list of alerts created in the dashboard.

Click on each of the links to find the details.

On clicking the search icon, the violated log entry appears on the screen.

14. Password Reset

To reset the password of an admin, click on the key symbol from the bottom-most menu in the dashboard;
the reset password screen appears. Enter the old password and the new password, and click on “Reset
Password”.

Note: The new password should be a combination of alphanumeric and special characters.

Finally click on “Change Password”.


